How to Hide Your Genome

CHICAGO, ILLINOIS—As the cost of genetic sequencing plummets, experts believe our genomes will help doctors detect diseases and save lives. But not all of us are comfortable releasing our biological blueprints into the world. Now, cryptologists are perfecting a new privacy tool that turns genetic information into a secure yet functional format. Called homomorphic encryption and presented here today at the annual meeting of AAAS, which publishes Science, the method could help keep genomes private even as genetic testing shifts to cheap online cloud services.

Existing encryption techniques make data secure at the expense of making it unusable. Because of this, most genetic sequences are simply anonymized before being sent out for analysis. However, computational biologist Yaniv Erlich at the Whitehead Institute for Biomedical Research in Cambridge, Massachusetts, told meeting attendees that with a little genetic sleuthing, this supposedly anonymous data can easily track back to its owner. Erlich says he positively matched 12% of male genomes with the exact person they originated from.

In 2009, the first lattice-based cryptography scheme was announced by IBM. The geometry-based encryption method allows data to be manipulated through both multiplication and addition while remaining encrypted. Researchers realized that the complex algorithms used during genetic tests could be closely approximated by the two basic mathematical operations. Lattice cryptology enabled homomorphic encryption, allowing computers to analyze encrypted data and return encrypted results without ever being able to decode the information. Cryptologist Kristin Lauter, research manager for the cryptography group at Microsoft Research in Redmond, Washington, likened the method to locking a gold brick in a safe with a pair of gloves attached to openings in the side. A jeweler could still use the gold to make jewelry without ever having full access to the gold brick.

However, homomorphic encryption requires substantially longer computation times than conventional methods do. At first, the technique seemed completely impractical, but Lauter and other researchers are fine-tuning what they call practical homomorphic encryption, which sacrifices computational freedom for faster performance. Running a typical high-end consumer computer, Lauter calculated the heart attack risk of a patient in about 0.2 seconds based on personal health information. While substantially faster than pure homomorphic techniques, the computation still ran a billion times slower than it would without securing the patient's privacy. Lauter believes homomorphic encryption could be standardized by the National Institute of Standards and Technology within 10 years, an important step toward wide-scale adoption.

"Homomorphic encryption is a huge tool in our toolbox that we need to consider in policy discussions," Lauter says. "We can't solve all the problems using this method, but in combination with other, faster techniques it could provide a solution."

John Wilbanks, a privacy expert at Sage Bionetworks in Seattle, Washington, says that while cutting-edge techniques like homomorphic encryption will improve privacy, keeping genetic information completely secure is impossible. "In 50 years the cost of genome sequencing is expected to be very low," he says. "If there's a copy of your genome out there that's heavily encrypted, it would just be better for me to shake hands with you and take some of your genetic material. The more we increase the penalty for getting an existing copy of a genome, the more the incentive is to just make a new copy."